遊客站內搜尋的錯誤 - 52AV手機A片王|52AV.ONE

private function _xss_check() {
/ w- K* g9 a2 t7 ^' a4 A; s6 r
0 m- K, ]! `' d3 V* s; o9 h
static $check = array('"', '>', '<', '\'', '(', ')', 'CONTENT-TRANSFER-ENCODING');
. \* w2 h" g9 S' p% k
9 R j$ s! H |1 w6 G p- G3 {: n
if(isset($_GET['formhash']) && $_GET['formhash'] !== formhash()) {
' ]$ A, ^" o6 Z: Y8 q$ I- v/ J
system_error('request_tainting');
/ z# ]) l" d2 v7 m( Z
}6 _2 s% _# u& p/ {/ k+ h! ?
3 v9 C. o/ u* H' F: R
if($_SERVER['REQUEST_METHOD'] == 'GET' ) {, C& Y$ c% M# z( u- T: h
$temp = $_SERVER['REQUEST_URI'];6 E) U6 j7 C6 v) h' C4 p$ ?
} elseif(empty ($_GET['formhash'])) {: Y/ ~1 o1 m# K6 x1 l: z0 C
$temp = $_SERVER['REQUEST_URI'].file_get_contents('php://input');- {5 V* b2 {8 Z# \) G9 k& M
} else {
: u3 P5 E: C3 ?$ v$ c3 k3 E y
$temp = '';; N7 [$ x8 Q! _( I; B! D. s n2 \
}
2 k5 i8 L) y6 }6 m& h. B, h7 D
+ t) r1 y/ W1 ]# X5 D
if(!empty($temp)) {9 T- X* A& x; V; E' n( G
$temp = strtoupper(urldecode(urldecode($temp)));
- t4 P8 n2 k+ u5 ~
foreach ($check as $str) {7 t4 _6 h& H P( v3 K3 W0 Q
if(strpos($temp, $str) !== false) {
7 l- s$ w( o0 e; V. E. F" w
system_error('request_tainting');
8 y: T7 i9 m. K2 N% {0 P' h
}
! G+ ^, p( w/ Q, ?
}4 z- L8 z0 K5 b/ C. O7 k& v0 m) k
}* Z3 @3 L0 W# E+ X
/ ]+ x" ^7 {) Y% A- C
return true;
9 v$ o9 U# m8 K4 e" V" O! u
}

複製代碼

private function _xss_check() {
# S; o. w" _2 T" ?; H
$temp = strtoupper(urldecode(urldecode($_SERVER['REQUEST_URI'])));9 ^. C7 W" X3 B4 a7 ]1 Q% X
if(strpos($temp, '<') !== false || strpos($temp, '"') !== false || strpos($temp, 'CONTENT-TRANSFER-ENCODING') !== false) {$ X! Y, d7 L6 I
system_error('request_tainting');& m& I$ T- @% g& q, o6 ]
}
) j' n$ x7 a, o, z
return true;9 k3 e( w2 V: A; {. X( O) o1 B* ]9 ^
}

複製代碼